WPA3, the new iteration of the Wireless Protected Access (WPA) standard announced earlier this year, has now been added to the Wi-Fi Alliance’s Wi-Fi certification program. This is a major step toward its adoption because wireless device manufacturers can start incorporating it into their new products.
WPA2 has been the standard for Wi-Fi security for more than a decade and will remain mandatory for all “Wi-Fi CERTIFIED” devices, according to the Wi-Fi Alliance, an organization whose members include Apple, Microsoft, Intel, Samsung, Cisco Systems and other major technology companies.
WPA3 will be optional for now, but “as market adoption of WPA3 grows, the new generation of Wi-Fi security will become required for all Wi-Fi CERTIFIED devices,” the alliance said in an announcement.
One of the major improvements of WPA3 over WPA2 is a new and stronger key establishment protocol called Simultaneous Authentication of Equals (SAE). This new protocol provides protection against brute-force password guessing attempts—the primary method for breaking into wireless networks—even when users choose weak passwords.
The strengthening of the Wi-Fi handshake and key negotiation between clients and hotspots is a welcome development, especially since the KRACK attack against the WPA2 handshake was discovered last year. The Wi-Fi Alliance has added further protections to WPA2 since then and the software implementations in operating systems have been fixed, but the KRACK attack showed that serious bugs can exist in a widely deployed and trusted standard.
Another addition to WPA3 is a 192-bit security suite in the WPA3-Enterprise variant that meets the higher security requirements of enterprise and government networks.
“WPA3 security continues to support the market through two distinct modes of operation: WPA3-Personal and WPA3-Enterprise,” the Wi-Fi Alliance said. “All WPA3 networks use the latest security methods, disallow outdated legacy protocols, and require use of Protected Management Frames (PMF) to maintain resiliency of mission critical networks.”
Furthermore, WPA3 will maintain interoperability with WPA2 devices through a transitional mode, so even if existing clients don’t support WPA3, they will still be able to connect to WPA3-protected networks.
The Wi-Fi Alliance has also launched two new programs based on WPA3. Wi-Fi CERTIFIED Easy Connect allows users to connect devices with no display interface, such as sensors and other IoT products, to wireless networks by scanning a QR code with a smartphone. The other program, Wi-Fi CERTIFIED Enhanced Open, will provide better security to open Wi-Fi networks by using Opportunistic Wireless Encryption (OWE).
Necurs Botnet Uses Internet Query Files for Malware Delivery
Necurs, one of the largest spam botnets in operation, has switched to a new malware delivery mechanism that takes advantage of an obscure file format called the Internet Query File (IQY).
On Windows, IQY files get interpreted and executed by Microsoft Excel as Web Query Files and can be used to import data automatically from external sources into a spreadsheet.
According to researchers from Trend Micro, the latest spam wave from Necurs contains emails with IQY attachments. When opened, those files download a script that can take advantage of Excel’s Dynamic Data Exchange (DDE) feature to execute a command that starts a PowerShell process, launching a longer infection chain.
“The PowerShell script enables the download of an executable file, a trojanized remote access application, and its final payload: the backdoor FlawedAMMYY (detected as BKDR_FlawedAMMYY.A),” the Trend Micro researchers said in a blog post. “This backdoor appears to have been developed from the leaked source code of the remote administration software called Ammyy Admin.”
The Necurs authors are known for coming up with innovative ways of bypassing anti-spam filters. In April, they used URL files in spam emails that, when executed, opened connections to remote servers over the SMB (Server Message Block) protocol.
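For mail gateways, the IQY attachments described above can be flagged by content as well as by file extension. The following is an added example, not code from Trend Micro or from the original article; it assumes the usual web query layout (a `WEB` type line, a version line, then the URL), and the function names and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse


def parse_iqy(data: bytes):
    """Return the query URL if data is laid out like a web query file, else None."""
    text = data.decode("utf-8-sig", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB" or not lines[1].isdigit():
        return None
    try:
        target = urlparse(lines[2])
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return lines[2] if target.scheme in ("http", "https") and target.netloc else None


def scan_message(raw: bytes):
    """List (filename, url, reason) for attachments that look like IQY files."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        url = parse_iqy(part.get_payload(decode=True) or b"")
        by_name = name.lower().endswith(".iqy")
        if url or by_name:
            hits = (("extension", by_name), ("content", bool(url)))
            findings.append((name, url, "+".join(r for r, hit in hits if hit)))
    return findings


def build_sample() -> bytes:
    """Constructed test message: two IQY files (one renamed), one stub, one CSV."""
    msg = EmailMessage()
    msg["Subject"] = "Unpaid invoice"
    msg.set_content("See attached.")
    samples = {
        "invoice.iqy": b"WEB\r\n1\r\nhttp://example.invalid/data.txt\r\n",
        "report.txt": b"WEB\n1\nhttps://example.invalid/q\n",  # renamed IQY
        "notes.iqy": b"hello",                                 # extension only
        "data.csv": b"name,total\nacme,10\n",                  # benign
    }
    for name, body in samples.items():
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Checking content catches an IQY file that was renamed to dodge an extension block, while the extension check still flags files whose body does not parse.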